The Ivanti Threat Thursday Update for October 12, 2017: Of Metrics, Growth, and Change

Greetings. This time out, interesting research and analysis from a respected cybersecurity industry observer, a claim of greater accuracy in predicting breaches, and growth in IT hiring. Feel free to share your opinions, reactions, suggestions, or all of the above. Thanks in advance.

Enterprise Strategy Group: Change Is Hard for Cybersecurity Leaders

Enterprise Strategy Group (ESG) published a blog post by Senior Principal Analyst Jon Oltsik, founder of the firm’s cybersecurity practice. In his post, Jon cites some interesting ESG research findings and offers some equally interesting analysis of the causes for the slow rate of cybersecurity “technology transformation.”

  • “According to ESG research, 69% [of survey respondents] have increased their cybersecurity budgets in 2017.” And “when asked which business initiatives will drive the most IT spending, 39% of organizations responded, ‘increasing cybersecurity protection.’”
  • Incumbent controls can sometimes be applied to new use cases. However, “existing security controls may be a mismatch for some new requirements.” “92% of enterprise organizations [surveyed by ESG] tried to secure cloud workloads using traditional network security controls.” Ultimately, “74% of them had to abandon some of these controls” because they proved to be incongruous with this new use case.”
  • Modern cybersecurity solutions such as cloud-based workloads can also expose transformation-hobbling cultural gaps. “In many cases, product selection, procurement, and operations include groups like software developers, cloud computing architects, and DevOps – antithetical to old guard security pros.”

What We Say: Modernization of cybersecurity and IT is certainly challenging, but it is also a non-negotiable requirement for your enterprise. You simply cannot keep pace with the rapid growth and evolution of cybersecurity threats, business needs, and user desires with legacy solutions and processes alone. Fortunately, modernization efforts focused on specific, immediate business challenges can produce initial benefits that are clear enough soon enough to encourage support from your users and business leaders for further modernization efforts. (See “Want to Save Money and Improve Cybersecurity? Better Call SAM” and “GDPR Compliance: 5 Security Strategies.”)

FICO Claims Greater Accuracy for its Data Breach Predictions

FICO, perhaps best known for its role as a provider of consumer creditworthiness scores, also offers numerous business services, including the FICO® Enterprise Security Score. The company claims the latest version of that offering is far more accurate at predicting data breaches.

  • According to FICO, its Enterprise Security Score “gives subscribers the ability to assess the forward-looking cyber breach risk of their organization and their partners.” It is also intended to improve breach insurance underwriting.
  • In a recent announcement, FICO claims that the latest version of its Enterprise Security Score is “twice as accurate at predicting a data breach as the previous model.” A FICO executive attributed the improvement to a new scoring algorithm and the company’s “experience with AI [artificial intelligence] and machine learning.”
  • The new release also incorporates “industry-standard firmographic data and reference identifiers.” These help subscribers to “categorize their vendors and business partners” and achieve “a better understanding of supply chain risk exposure.”

What We Say: As cybersecurity gains greater visibility and importance to business decision makers, IT and cybersecurity leaders can expect to have more metrics applied to their efforts. However, the metrics that matter most are those that help you and your team to understand and improve IT and business performance and cybersecurity. Such metrics must be based on comprehensive, detailed, timely information about your extended environment. The value of the ability to collect, analyze, and leverage such information is strong incentive to modernize IT, cybersecurity, reporting, and analysis. (See “Three Components Required for a Complete IT Asset Management Solution (Part 1 of 4): Six Common Objectives” and “Reporting: The Sports Journalism of IT.”)

CompTIA: IT Hiring Is Up—As Is Demand for Cybersecurity Skills

The Computing Technology Industry Association (CompTIA) announced the findings of its monthly CompTIA IT Employment Tracker. The group’s analysis indicates that while IT job postings fell in September, the IT sector of the U.S. economy grew, and many skilled cybersecurity jobs remain unfilled.

  • “Job postings for IT positions experienced their largest drop of the year, falling nearly 40,000 in September from, the previous month.” However, the U.S. IT sector added some 3,200 new jobs during the same period, with computer and electronic products manufacturing enjoying “its best month for employment in 2017, adding 3,000 jobs.”
  • CompTIA’s analysis of figures from the U.S. Bureau of Labor Statistics found that IT services and custom software development added approximately 4,200 jobs in September. “For the year, 106,600 net new jobs have been generated in this category.”
  • BLS figures do not break out cybersecurity jobs separately. However, CompTIA cited job-posting figures from CyberSeek.org, a “cybersecurity jobs supply and demand map.” That source reported some 300,000 cybersecurity job postings between mid-2016 and mid-2017.

What We Say: CompTIA, Ivanti, and experts across the industry all agree that demand for skilled cybersecurity workers will continue to grow and go largely unfulfilled for some time to come. Your best cybersecurity strategies must therefore include automation and modernization efforts that maximize the reach and value of every skilled person you have and can find. Automation, augmented by emerging technologies such as AI and chatbots, can minimize your need to “throw people at the problem.” They can also minimize your attack surface, so you can focus your limited resources on the threats that actually get through. (See “How Artificial Intelligence (AI) Will Impact IT Service Management” and “The Ivanti Way: A Secure and Productive First Day.”)

Protect Your Enterprise, Today and Tomorrow, with Ivanti

Your journey toward The Power of Unified IT™ must take place atop a secure, robust IT platform. Ivanti can help you achieve the levels of security you need to make that journey successfully. Patch your client and server systems faster and more consistently. Fight and remediate malware attacks more effectively. Control your users’ applications, devices, and admin rights. Use our IT reporting and analytics solutions to consolidate disparate information from across your environment, and to demonstrate compliance with regulations, licenses, and business rules and goals.

Explore our solutions online. Then, get in touch with Ivanti. Let us help you make your enterprise IT more secure, agile, and valuable to your business. (And please keep reading, sharing, and commenting on our Patch Tuesday and Threat Thursday updates. Thanks!)